Lieutenant General Ulrich Wolf (left) with former SACEUR General James Jones.

"[During] robot attacks... thousands of computers are
connected to overload a targeted storage device with messages
and with the aim
to shut down its services. The systems used are high-jacked by the attacker...
An estimated
50 million machines around the
world have been compromised in this way."

The threat of cyber-war is real and it is amongst and
could be waged against all of us. Are you aware that you might be a
cyber-terrorist? While of course you would not be one intentionally, there is a
chance you might be one by accident.

THE POSSIBILITY OF ROBOT ATTACKS

Let me explain this statement. There are such
things as "robot attacks" in which thousands of computers are
connected to overload a targeted storage device with messages and with the aim
to shut down its services. The systems used are high-jacked by the attacker and
are distributed all over the world. An estimated 50 million machines around the
world have been compromised in this way, and are ready to be used in these
types of denial-of-service attacks. One of them could be your computer, in your
home or your office, or it could be your children's computer.

The attack on Estonia was the first of its
kind against a NATO member. However, defending against attempted intrusion into
NATO’s data networks is a daily reality. NCSA is responsible for secure
end-to-end communication services and is therefore the first line of resistance
in the cyber-defense of the Alliance. We receive about one million e-mails at
SHAPE Headquarters each month. Nearly half of them are unwanted SPAM and about
76,000 viruses were stopped at our firewalls.

NATO'S CYBER-DEFENSE PROGRAM

NATO’s cyber-defense program, which was
initiated three years ago, is at its initial operating capability. At my headquarters
in Mons we have a state-of-the-art NATO Computer Incident Response Capability
Technical Center, whose intrusion prevention system saw 14.5 million potential
security incidents in 2006. But most of us consider cyber-security as a
subject for computer specialists and nothing to really worry about. It’s a bit
like it was during the Cold War: We theoretically are aware of the threat, but
in our day-to-day private lives and businesses we do not care. But cyber-war
threatens our entire society—the military, government institutions, industry,
finance, and health systems, as well as all of us individually. Therefore
defense against this threat should be a matter of importance for all of us.

It is the responsibility of our governments
to develop a comprehensive defense concept horizontally across all departments
and vertically from the state down to the community level. We need to find new
forms of coalitions that include industry and the financial world. ISPs and
software companies also need to play a key role. But in which of our countries
is this already the case?

There is a real need for a cyber-related
policy at the Alliance and the EU level—the case of Estonia may have opened the
question about the need for a cyber-version of Article 5. My agency, NCSA, has
taken the first steps to reach out to the information-security domains of
Alliance member-nations to coordinate our efforts, share best practices and
threat assessments, and establish a system for incident reports and warnings.
In addition to our contracted defense capabilities we have also developed an
active partnership with many of our main software and hardware vendors because
they are also targets of the same enemy.

GOING FROM PASSIVE TO ACTIVE DEFENSE

There is much work still to do. One of the
most important areas that urgently needs further development is a common
intelligence capability that will enable us to go from mere reaction to active
prevention. NATO has no capability for active cyber-warfare. Why is this? Is it
not time to reconsider the rationale for cyber-warfare?

What I recommend is an open, politically
driven discussion, a thorough, in-depth threat assessment that should lead to a
common, realistic understanding of the situation. It should also lead to the
development of a comprehensive strategy and finally to an effective
multi-organizational and multi-national defense capability that includes an
element of active cyber-warfare. NATO should take the lead in this. There must
also be the necessary investments of money and manpower, which will definitely
not be small.

On a personal level, I would like to end by
advising you to update your Internet security software on a regular basis in
order to avoid being turned into a cyber-terrorist unintentionally.